Define Ransomware – A new stealthy & sneaky technical scam
There are many ways to define ransomware, but in the end it is all the same
Is your company’s data important? How would it impact your business if you were to suddenly lose access to critical files you need to function. Things like customer data, accounting records, personnel files. Could your business survive? This is the threat faced each day by businesses, which fail to take the proper precautions to protect their computer systems against ransomware. Before going any further, we should first define ransomware.
How to define ransomware
Ransomware is a form of malware, or malicious software, that effectively holds data for ransom. CryptoLocker, one of the most common forms of ransomware, does this by encrypting a victim’s data and demanding that victims pay a ransom in order for the encryption key needed to decrypt the data. CryptoLocker victims, who fail to pay the ransom by a pre-designated deadline have a near-zero change of otherwise recovering any of their files.
However, paying the ransom — often between $300 and $500 — is no guarantee that you will actually be able to recover your files. One Charlotte, NC law firm learned this the hard way in 2014. Despite paying the virus creator $300, the firm was unable to recover any of their files and permanently lost access to thousands of client files.
Malware most often spreads as an e-mail attachment in a modified form of virus attack known as a social engineering attack. In this form of virus attack, a targeted victim is sent an email that appears to be from a trusted source. The e-mail will have an attached file that looks like a legitimate file the victim has requested. Clicking or opening the attachment will trigger the infected payload.
One way to prevent CryptoLocker infections is to be very wary of emails, particularly e-mails from unknown senders, with unexpected attachments. Users also need to be aware of what proper attachments should look like. For instance, an e-mail attachment labeled a ‘Invoice.pdf’ is most likely a legitimate Acrobat PDF file, while one labeled ‘Invoice.pdf.exe’ is almost certainly infected with a virus or some other form of malware. The .exe at the end gives it away — .exe files are executables, or programs. Running unknown programs, from unknown sources, particularly ones sent as email attachments, is a guaranteed way to invite malware into your computer and your network.
Once a single machine is infected with CryptoLocker, it will quickly spread to every directory on your network that they have access to. For instance, if you have a shared directory on your server that an infected worker can access, every file in that directory can quickly become encrypted by CryptoLocker. This also means, for instance, that if they have access to drive or directory containing your critical accounting records, those records will also very likely become encrypted unless the infected machine is found in time to stop the spread of the infection.
Know how to protect your business
Defining the threat posed by ransomware, such as CryptoLocker is the easy part, but what about protecting your business from this threat?
The best defense against CryptoLocker is simple user education, backed up by an antivirus solution that protects every computer and server on your network. However, malware, including CryptoLocker, can change and mutate faster than antivirus can update to fight it.
For this reason, your best defense against CryptoLocker, or any malware or virus, is a comprehensive full-network backup solution that provides multiple snapshots or versions of your critical files.
It doesn’t matter how you define ransomware. In the end, all that matters is that you can easily restore your data. A backup solution can give your business the disaster recovery and continuity of operations needed to withstand any malware outbreak.
We can provide the support you need to keep your business safe from ransomware. Contact us today for a demo of some of the latest technology.